Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2007-2165
Description:The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
Test IDs: 1.3.6.1.4.1.25623.1.0.59716   1.3.6.1.4.1.25623.1.0.58408  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-2165
BugTraq ID: 23546
http://www.securityfocus.com/bid/23546
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:130
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
http://osvdb.org/34602
http://securitytracker.com/id?1017931
http://secunia.com/advisories/24867
http://secunia.com/advisories/25724
http://secunia.com/advisories/27516
http://www.vupen.com/english/advisories/2007/1444
XForce ISS Database: proftpd-authapi-security-bypass(33733)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33733




© 1998-2024 E-Soft Inc. All rights reserved.